Cookie Policy
Last updated: 19 May 2026
This Cookie Policy explains how DHP Kenya Limited ("we", "us", or "our") uses cookies and similar tracking technologies on the Digital Health Platform ("DHP") at dhp.ke. It should be read alongside our Privacy Policy.
1. What Are Cookies?
Cookies are small text files placed on your device (computer, tablet, or mobile phone) when you visit a website or web application. They enable the site to recognise your device and remember certain information about your visit, such as your preferences and login status.
We also use similar technologies including local storage, session storage, and IndexedDB for Progressive Web App (PWA) offline functionality. These serve the same essential purposes as cookies.
2. Types of Cookies We Use
Strictly Necessary Cookies
Always ActiveThese cookies are essential for the Platform to function and cannot be switched off. They are set in response to actions you take, such as logging in or managing a treatment fund. Without these, core services cannot be provided.
| Cookie Name | Purpose | Duration | Provider |
|---|---|---|---|
| dhp_session | Encrypted session authentication cookie. Contains your role and session expiry. HTTP-only, Secure, SameSite=Strict. | 24 hours | DHP Kenya |
| __Host-csrf | CSRF protection token for form submissions and API mutations. | Session | DHP Kenya |
| firebase-auth-token | Firebase Authentication identity token (stored in memory / secure cookie). Never persisted to localStorage. | 1 hour | Google Firebase |
Functional Cookies
These cookies enable enhanced functionality and personalisation. They may be set by us or third-party providers. Disabling these may affect certain features.
| Cookie Name | Purpose | Duration | Provider |
|---|---|---|---|
| dhp_theme | Remembers your colour theme preference (light/dark/system). | 1 year | DHP Kenya |
| dhp_lang | Stores your preferred language (English / Swahili). | 1 year | DHP Kenya |
| dhp_consent_v | Records the version of the cookie consent you accepted. | 1 year | DHP Kenya |
| dhp_cookie_prefs | Stores your granular cookie category preferences. | 1 year | DHP Kenya |
Analytics Cookies
These cookies help us understand how users interact with the Platform so we can improve features and performance. All analytics data is anonymised and aggregated. No individual-level health data is included in analytics.
| Cookie Name | Purpose | Duration | Provider |
|---|---|---|---|
| _ga, _ga_* | Google Analytics / Firebase Analytics — measures aggregated page views, feature usage, and navigation flows. IP addresses are anonymised. | 2 years | |
| dhp_rtdb_session | DHP Realtime Database session counter for live analytics dashboard (anonymised). | Session | DHP Kenya |
Performance Cookies
These cookies collect anonymised information about how the Platform performs, including load times and error rates. They help us diagnose technical issues.
| Cookie Name | Purpose | Duration | Provider |
|---|---|---|---|
| Firebase Performance | Firebase Performance Monitoring — captures page load times and API response latency. No PHI included. | 30 days | Google Firebase |
PWA / Service Worker Storage
These are not cookies in the traditional sense but serve similar purposes for our Progressive Web App. They enable offline functionality and improve load speed.
| Cookie Name | Purpose | Duration | Provider |
|---|---|---|---|
| SW Cache (Cache Storage) | Service worker caches static assets (HTML, CSS, JS, fonts) for offline access and faster loading. | Until SW updates | DHP Kenya |
| IndexedDB / localStorage | Stores non-sensitive user preferences and PWA installation state locally. Health data is never stored in these locations. | Persistent (cleared on sign-out) | DHP Kenya |
3. Cookies We Do Not Use
- We do not use advertising or targeting cookies.
- We do not share cookie data with advertising networks or data brokers.
- We do not use cross-site tracking pixels.
- We do not store Protected Health Information (PHI) in any client-side storage (cookies, localStorage, or IndexedDB).
4. Third-Party Cookies
| Third Party | Purpose | Privacy Policy |
|---|---|---|
| Google / Firebase | Authentication, analytics, and performance monitoring | https://policies.google.com/privacy |
| Safaricom (M-Pesa Daraja) | Payment processing callbacks (no tracking cookies set by Safaricom on our domain) | https://www.safaricom.co.ke/personal/privacy-policy |
| Geist Fonts (Vercel) | Web font delivery (no tracking) | https://vercel.com/legal/privacy-policy |
5. Your Cookie Choices
You can control cookies in the following ways:
- Cookie Consent Banner: On your first visit, a banner allows you to accept or decline non-essential cookies. You can update your preferences at any time from Dashboard → Settings → Privacy & Cookies.
- Browser Settings: All modern browsers allow you to block or delete cookies. Note that blocking Strictly Necessary cookies will prevent you from logging in to the Platform. See your browser's help documentation:
- Google Analytics Opt-Out: You can install the Google Analytics Opt-out Browser Add-on to prevent your data from being used by Google Analytics.
6. Changes to This Cookie Policy
We may update this Cookie Policy to reflect changes in the cookies we use or applicable law. We will notify you of significant changes by updating the "Last updated" date and, where appropriate, presenting the updated consent banner again. Continued use of the Platform after changes indicates your acceptance of the updated Policy.
7. Contact Us
If you have questions about our use of cookies, contact us at: privacy@dhp.ke